Lumeta today warned that, as industries connect their previously isolated Supervisory Control and Data Acquisition (SCADA) systems to their larger TCP/IP networks to gain better accessibility and to lower costs, they will also potentially subject these critical industrial controls to higher security risks. As connectivity becomes ever more ubiquitous throughout organizations, it is certain that more SCADA security incidents will occur and, given how much of the world’s infrastructure they control, they could potentially have serious repercussions.
Michael Markulec, chief operating officer at Lumeta, commented:
SCADA systems need to be absolutely secure, given that they control some of our most vulnerable infrastructure, including gas pipelines, chemical plants and nuclear facilities. Network management needs to know whether and how their SCADA systems connect to the larger corporate network so that these connections can be locked down. Because, as we’ve seen with recent incidents, it does not take a cyber attack to take out a power plant — simple computer error will do the trick as well, if connections do not comply with policy.
For example, in March, the Hatch Nuclear Power Plant in Georgia went through an emergency shutdown as a result of a software update that was made on the plant’s business network. The business network was in two-way communication with the plant’s SCADA network and the update synchronized information on both systems. Reset after a reboot, the SCADA safety systems detected a lack of data and signaled that the water level in the cooling systems for the nuclear fuel rods had dropped, which caused an automatic shutdown. Engineers were aware of the two-way communication link, but they did not know that the update would synchronize data between the two networks.
There was no danger to the public, but any time an electric generation plant shuts down, the power company loses millions of dollars in revenue and has to incur the substantial expense of getting the plant back online – no small task for a nuclear facility. And the Hatch incident was only the latest in a string of accidents and unnecessary shutdowns caused by some problem on the network. The Browns Ferry nuclear plant in Alabama, for example, shut down in 2006 when a network traffic overload locked up pump controls.
In the case of Hatch Nuclear Power Plant, engineers chose to sever all physical connections between the SCADA and business networks.
However, these engineers would be mistaken in thinking that the SCADA network is now safe without a regular assessment of connectivity to ensure that no connections between the SCADA network and the corporate network appear. TCP/IP networks are designed to make connectivity easy, and the ubiquity of today’s corporate networks opens up the possibility of someone inadvertently connecting SCADA to the larger network, with potentially disastrous consequences.
According to Markulec, the industry need not give up on the cost and management advantages of connecting their SCADA networks to the larger network. As long as they possess strong safety systems and conduct frequent and regularly scheduled network scans to understand the full scope of connectivity and to guarantee that all connections conform to security policy, critical infrastructure should not fall prey to unforeseen security risks such as network leaks.